Total
29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-29471 | 1 Cybozu | 1 Garoon | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin. | |||||
| CVE-2022-25219 | 1 Phicomm | 10 K2, K2 Firmware, K2g and 7 more | 2023-08-08 | 6.9 MEDIUM | 8.4 HIGH |
| A null byte interaction error has been discovered in the code that the telnetd_startup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the router, and to ensure that the telnet service persists upon reboot. By means of a crafted exchange of UDP packets, an unauthenticated attacker on the local network can leverage this null byte interaction error in such a way as to make those ephemeral passwords predictable (with 1-in-94 odds). Since the attacker must manipulate data processed by the OpenSSL function RSA_public_decrypt(), successful exploitation of this vulnerability depends on the use of an unpadded RSA cipher (CVE-2022-25218). | |||||
| CVE-2022-2512 | 1 Gitlab | 1 Gitlab | 2023-08-08 | N/A | 6.5 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. Membership changes are not reflected in TODO for confidential notes, allowing a former project members to read updates via TODOs. | |||||
| CVE-2022-0803 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2023-08-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to tamper with the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2022-22798 | 1 Sysaid | 1 Sysaid | 2023-08-08 | 9.0 HIGH | 8.8 HIGH |
| Sysaid – Pro Plus Edition, SysAid Help Desk Broken Access Control v20.4.74 b10, v22.1.20 b62, v22.1.30 b49 - An attacker needs to log in as a guest after that the system redirects him to the service portal or EndUserPortal.JSP, then he needs to change the path in the URL to /ConcurrentLogin%2ejsp after that he will receive an error message with a login button, by clicking on it, he will connect to the system dashboard. The attacker can receive sensitive data like server details, usernames, workstations, etc. He can also perform actions such as uploading files, deleting calls from the system. | |||||
| CVE-2022-36562 | 1 Rubyinstaller | 1 Rubyinstaller2 | 2023-08-08 | N/A | 8.8 HIGH |
| Incorrect access control in the install directory (C:\Ruby31-x64) of Rubyinstaller2 v3.1.2 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory. | |||||
| CVE-2022-28749 | 1 Zoom | 1 On-premise Meeting Connector Multimedia Router | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| Zooms On-Premise Meeting Connector MMR before version 4.8.113.20220526 fails to properly check the permissions of a Zoom meeting attendee. As a result, a threat actor in the Zooms waiting room can join the meeting without the consent of the host. | |||||
| CVE-2022-23775 | 1 Truestack | 1 Direct Connect | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| TrueStack Direct Connect 1.4.7 has Incorrect Access Control. | |||||
| CVE-2021-43415 | 1 Hashicorp | 1 Nomad | 2023-08-08 | 6.0 MEDIUM | 8.8 HIGH |
| HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1. | |||||
| CVE-2022-22589 | 1 Apple | 7 Ipados, Iphone Os, Mac Os X and 4 more | 2023-08-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript. | |||||
| CVE-2022-34854 | 1 Intel | 1 System Usage Report | 2023-08-08 | N/A | 7.8 HIGH |
| Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-1111 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 3.5 LOW | 2.7 LOW |
| A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 under certain conditions caused imported projects to show an incorrect user in the 'Access Granted' column in the project membership pages | |||||
| CVE-2021-41844 | 1 Crocoblock | 1 Jetengine | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data. | |||||
| CVE-2022-34157 | 1 Intel | 2 Fpga Software Development Kit, Quartus Prime | 2023-08-08 | N/A | 7.8 HIGH |
| Improper access control in the Intel(R) FPGA SDK for OpenCL(TM) with Intel(R) Quartus(R) Prime Pro Edition software before version 22.1 may allow authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-24300 | 2 Debian, Minetest | 2 Debian Linux, Minetest | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection. | |||||
| CVE-2021-43129 | 1 D2l | 1 Brightspace | 2023-08-08 | 5.8 MEDIUM | 6.5 MEDIUM |
| A bypass exists for Desire2Learn/D2L Brightspace’s “Disable Right Click” option in the quizzing feature, which allows a quiz-taker to access print and copy functionality via the browser’s right click menu even when “Disable Right Click” is enabled on the quiz. | |||||
| CVE-2022-3317 | 1 Google | 2 Android, Chrome | 2023-08-08 | N/A | 4.3 MEDIUM |
| Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 106.0.5249.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2021-25648 | 1 Testes-codigo | 1 Testes De Codigo | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Mobile application "Testes de Codigo" 11.4 and prior allows an attacker to gain access to the administrative interface and premium features by tampering the boolean value of parameters "isAdmin" and "isPremium" located on device storage. | |||||
| CVE-2022-1783 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 4.0 MEDIUM | 2.7 LOW |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for malicious group maintainers to add new members to a project within their group, through the REST API, even after their group owner enabled a setting to prevent members from being added to projects within that group. | |||||
| CVE-2022-26703 | 1 Apple | 2 Ipados, Iphone Os | 2023-08-08 | 2.1 LOW | 2.4 LOW |
| An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. A person with physical access to an iOS device may be able to access photos from the lock screen. | |||||